Just incase we get any posts on this.
MS Security Essentials is reporting that a file called MsIcons has a virus in it, the virus will be named as TrojanDownloader:win32/Troxen!rts.
I have just cross checked this file with www.virscan.org which checks a submitted file against nn different scanners and several of them picked up different trojan signs.
So it's either got 14 different trojan loaders which in an 85K file would be impossible or we have as in the past a heuristics glitch.
The heuristics look for things that might be indicitative of a virus and then flag their best guess at what it might be, they are a trip wire for potential as yet undefined threats. Because they look for quite small code fragments which are also used in quite legitimate code the logic is often flawed.
It is best explained in these examples which indicate how the heuristics 'think' in very simple terms
1. If it is grey it is an elephant and can only be an elephant. So you MAY have a small grey elephant in your mouse cage!! Clearly a mouse isn't an elephant but both are grey so the safest couse is to say that they all are!!
2. All murders are committed by people with two arms. Therefore if you have two arms then you are a murderer. Again you probably aren't BUT you do have the potential so we'll warn everyone just to be on the safe side!!
******
If you do see this file being flagged as having a virus DO NOT delete the file as it will remove the icons for courselab, add it to the allowed exceptions list.
I have reported this false positive to MS so it will be added to their definitions at some time in the future.
This has happened before and will happen again, be calm be cool. The guys at courselab and their code is A1 100% clean
Just incase we get any posts on this.
MS Security Essentials is reporting that a file called MsIcons has a virus in it, the virus will be named as TrojanDownloader:win32/Troxen!rts.
I have just cross checked this file with www.virscan.org which checks a submitted file against nn different scanners and several of them picked up different trojan signs.
So it's either got 14 different trojan loaders which in an 85K file would be impossible or we have as in the past a heuristics glitch.
The heuristics look for things that might be indicitative of a virus and then flag their best guess at what it might be, they are a trip wire for potential as yet undefined threats. Because they look for quite small code fragments which are also used in quite legitimate code the logic is often flawed.
It is best explained in these examples which indicate how the heuristics 'think' in very simple terms
1. If it is grey it is an elephant and can only be an elephant. So you MAY have a small grey elephant in your mouse cage!! Clearly a mouse isn't an elephant but both are grey so the safest couse is to say that they all are!!
2. All murders are committed by people with two arms. Therefore if you have two arms then you are a murderer. Again you probably aren't BUT you do have the potential so we'll warn everyone just to be on the safe side!!
******
If you do see this file being flagged as having a virus DO NOT delete the file as it will remove the icons for courselab, add it to the allowed exceptions list.
I have reported this false positive to MS so it will be added to their definitions at some time in the future.
This has happened before and will happen again, be calm be cool. The guys at courselab and their code is A1 100% clean
